cybergrandsandbox writeup Defcon prequal
Defcon prequal is over; the team finished at rank 29th with 23 pts. Cybergrandsandbox was an exploitation challenge: a CGC binary implementing a postfix notation calculator. When given an expression to evaluate, it allocates a 0x2000-byte block, generates JIT code inside it and jumps to it. That generated code computes the result of the input and leaves it in eax.
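The security-relevant property here is that constants taken from user input end up embedded verbatim in an executable block, which is the same weakness JIT spraying relies on. The following is an added example, not code from the challenge binary or from the writeup: a toy postfix-to-x86 emitter (the instruction layout, the `+`-only operator set and the stack discipline are assumptions, since the writeup does not show the real JIT's code layout) together with the standard mitigation, constant blinding, where each immediate is emitted XORed with a random key and un-XORed at runtime so the raw user bytes never appear in the code page. A tiny emulator for the handful of opcodes the emitter produces checks that blinding does not change the computed result.

```python
import os
import struct

# Size of the JIT block, matching the 0x2000 figure from the writeup.
JIT_BLOCK_SIZE = 0x2000
MASK32 = 0xFFFFFFFF


def emit_load_imm_naive(value):
    """'mov eax, imm32' with the user-controlled constant stored verbatim.
    Hypothetical emitter standing in for an unblinded JIT."""
    return b"\xb8" + struct.pack("<I", value & MASK32)


def emit_load_imm_blinded(value, key):
    """'mov eax, imm32 ^ key' followed by 'xor eax, key'.
    eax still ends up equal to value, but neither instruction carries the
    raw user-chosen bytes, so an attacker cannot place code via constants."""
    v = value & MASK32
    return (b"\xb8" + struct.pack("<I", v ^ key)
            + b"\x35" + struct.pack("<I", key))


def compile_postfix(tokens, blinded, key=None):
    """Compile a postfix expression of integer literals and '+' into x86 code.
    Each literal is loaded into eax and pushed; '+' pops both operands, adds
    them and pushes the sum. The code finishes with 'pop eax; ret'."""
    if blinded and key is None:
        key = int.from_bytes(os.urandom(4), "little")   # fresh key per compile
    code = bytearray()
    for tok in tokens:
        if tok == "+":
            code += b"\x59"          # pop ecx
            code += b"\x58"          # pop eax
            code += b"\x01\xc8"      # add eax, ecx
            code += b"\x50"          # push eax
        else:
            value = int(tok, 0)      # accepts decimal and 0x-prefixed literals
            if blinded:
                code += emit_load_imm_blinded(value, key)
            else:
                code += emit_load_imm_naive(value)
            code += b"\x50"          # push eax
    code += b"\x58\xc3"              # pop eax; ret
    if len(code) > JIT_BLOCK_SIZE:
        raise ValueError("expression does not fit in the JIT block")
    return bytes(code)


def contains_literal(code, value):
    """True if the little-endian encoding of value appears verbatim in code."""
    return struct.pack("<I", value & MASK32) in code


def run(code):
    """Minimal emulator for the opcodes compile_postfix emits; returns eax
    at 'ret'. Only used to check that blinding preserves results."""
    eax = ecx = 0
    stack = []
    pc = 0
    while True:
        op = code[pc]
        if op == 0xB8:                                   # mov eax, imm32
            eax = struct.unpack_from("<I", code, pc + 1)[0]
            pc += 5
        elif op == 0x35:                                 # xor eax, imm32
            eax ^= struct.unpack_from("<I", code, pc + 1)[0]
            pc += 5
        elif op == 0x50:                                 # push eax
            stack.append(eax)
            pc += 1
        elif op == 0x58:                                 # pop eax
            eax = stack.pop()
            pc += 1
        elif op == 0x59:                                 # pop ecx
            ecx = stack.pop()
            pc += 1
        elif op == 0x01 and code[pc + 1] == 0xC8:        # add eax, ecx
            eax = (eax + ecx) & MASK32
            pc += 2
        elif op == 0xC3:                                 # ret
            return eax
        else:
            raise ValueError("unexpected opcode at %d" % pc)


if __name__ == "__main__":
    expr = ["0x12345678", "1", "+"]                      # constructed input
    naive = compile_postfix(expr, blinded=False)
    blinded = compile_postfix(expr, blinded=True)
    print("naive code carries the literal:  ", contains_literal(naive, 0x12345678))
    print("blinded code carries the literal:", contains_literal(blinded, 0x12345678))
    print("both evaluate to 0x%08x / 0x%08x" % (run(naive), run(blinded)))
```

Blinding only removes the attacker's control over the bytes inside the code page; it does not fix the block being writable and executable at the same time, so a real JIT would also want the page remapped read-only before jumping into it.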
The approach to exploit it:
- break the pattern in the jit-code
- reach our executable code
- execute 4 bytes and use 2 for chaining
The shellcode we build requires only the receive and transmit functions from libcgc. We only need to receive from file descriptor 3, which the python launcher creates as the flag fd, and then use transmit to send the contents of the flag to the socket.